10-07-2013 05:20 AM - edited 03-04-2019 09:14 PM
Hello,
We are experiencing some high cpu utlilization in our FWSM blade and i would like your opinion if this is normal. Sometimes the CPU touches 90% utilization.
FWSM/act# sh ver
FWSM Firewall Version 4.0(7)
Device Manager Version 6.2(3)F
Compiled on Tue 08-Sep-09 20:48 by fwsmbld
FWSM up 59 days 17 hours
failover cluster up 59 days 17 hours
Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash STI Flash 8.0.0 @ 0xc321, 20MB
0: Int: GigabitEthernet0 : address is 0021.d80c.e300, irq 5
1: Int: GigabitEthernet1 : address is 0021.d80c.e300, irq 7
2: Int: EOBC0 : address is 0000.1100.0000, irq 11
Licensed features for this platform:
Maximum Interfaces : 256
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
BGP Stub : Disabled
Service Acceleration : Disabled
VPN Peers : Unlimited
Serial Number:
FWSM/act#
FWSM/act# sh cpu usage
CPU utilization for 5 seconds = 34%; 1 minute: 39%; 5 minutes: 40%
HC-6500-FWSM/act# show processes cpu-hog
MAXHOG NUMHOG LASTHOG Process
-------------- --------------- --------------- ---------
120 7 110 fast_fixup
200 1 200 fover_rep
200 6 190 ssh
160 7 150 ssh
160 2 160 accept/http
200 1 200 qos_metric_daemon
FWSM/act# sh conn count
9137 in use, 41843 most used
FWSM/act# sh processes memory | e 0
------------------------------------------------------------
Allocs Allocated Frees Freed Process
(bytes) (bytes)
------------------------------------------------------------
59715 5185868 83348 6187656 accept/http
29 174224 6 264 fover_thread
2 14 1 2 sqlnet
967 192942 967 192942 aaa
4 4297 1 13 ScpIncomingThread
6 5372 6 24972 Session Manager
6 44162 4 16648 route_process
9 396 9 396 fover_FSM_thread
26 17725 1 1281 ci/console
1336 88358 32 133184 websns_keepalive
4 8412 2 88 fover_ip
3252 26528 971 258742 tacplus_snd
8 352 8 352 fover_rx
8 352 8 352 lu_rx
On the MSFC:
WAN#sh module
Mod Ports Card Type Model
--- ----- -------------------------------------- ------------------
1 6 Firewall Module WS-SVC-FWM-1
2 6 Firewall Module WS-SVC-FWM-1
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 001f.ca08.74c2 to 001f.ca08.74c9 4.3 7.2(1) 4.0(7) Ok
2 001f.6c88.6232 to 001f.6c88.6239 4.2 7.2(1) 4.0(7) Ok
5 0017.9444.d3bc to 0017.9444.d3bf 5.4 8.4(2) 12.2(33)SXI9 Ok
Mod Sub-Module Model Hw Status
---- --------------------------- ------------------ ------- -------
3 Centralized Forwarding Card WS-F6700-CFC 4.1 Ok
5 Policy Feature Card 3 WS-F6K-PFC3B 2.3 Ok
5 MSFC3 Daughterboard WS-SUP720 3.0 Ok
WAN#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Fri 24-Feb-12 21:38 by prod_rel_team
ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)
WAN uptime is 8 weeks, 3 days, 17 hours, 32 minutes
Uptime for this control processor is 8 weeks, 3 days, 17 hours, 27 minutes
Time since GB-LON-HC-01-WAN switched to active is 8 weeks, 3 days, 17 hours, 26 minutes
System returned to ROM by reload (SP by reload)
System restarted at 19:40:39 BST Thu Aug 8 2013
System image file is "sup-bootdisk:s72033-advipservicesk9_wan-mz.122-33.SXI9.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
cisco WS-C6509-E (R7000) processor (revision 1.3) with 458720K/65536K bytes of memory.
Processor board ID
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
6 Virtual Ethernet interfaces
120 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
Any ideas?
TIA,
Nicos Nicolaides
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: